{"id":10,"date":"2015-11-15T13:29:59","date_gmt":"2015-11-15T21:29:59","guid":{"rendered":"https:\/\/cloudinsidr.com\/content\/?p=10"},"modified":"2016-08-27T13:42:51","modified_gmt":"2016-08-27T21:42:51","slug":"anti-spam-defense-in-postfix","status":"publish","type":"post","link":"https:\/\/www.cloudinsidr.com\/content\/anti-spam-defense-in-postfix\/","title":{"rendered":"Anti-Spam Defense: Using Postfix With smtpd Access Restrictions"},"content":{"rendered":"

Fighting spam, aren’t we all… To stem the tide of unwanted junk mail look no further than the built-in access restrictions in Postfix<\/a>.<\/p>\n

<\/p>\n

If you find yourself the postmaster-in-chief, the last think you want is having to rely on your users to weed through spam and navigate around phishing mails without fail. In fact, spam is a major source of security breaches that involve using social engineering to allow hackers to get a foot in the door.<\/p>\n

Why mail services fail at filtering spam (some even fail miserably)<\/h4>\n

Unsolicited mail is a problem that every organization must fix for itself, one way or the other. Even those of us who are paying for an enterprise-class spam detection service aren’t always happy with the results. The same goes for anti-spam services that set honeybee traps all over the Internet to collect junk trying to come up with effective filters. Your mileage will vary in either case. Are their traps attracting the same spammers that are flooding your users’ inboxes? Judging upon the efficiency of software tools and anti-spam services in real-world scenarios, the answer is: not so much. On top of it, mail services such as Gmail for Business or AWS Workmail have to tailor their services to all of their customers’ industries, including such spam hotspots as car insurance, home improvement, and health care. Good luck with that.<\/p>\n

So how do you go about fixing the problem in your organization when you find yourself in charge of it? You could set up spam filtering software that uses heuristics such as Apache Spam Assassin, but it will come at the cost of a performance penalty\u00a0and with somewhat questionable benefits of\u00a0ongoing maintenance.<\/p>\n

Postfix supports Sendmail version 8 Milter protocol and thus Sendmail milters (mail filters). Milter.org, once the world’s most comprehensive catalog of Milters, has been shut down some time ago, and Sendmail, Inc. is now Proofpoint, Inc,<\/a> following an acquisition. \u00a0Proofpoint Inc. continues to provide\u00a0milters in its standard open source distribution of Sendmail<\/a>. Milters can be used to\u00a0fight spam, scan attachments for viruses, and sign messages. Even so, the future of milters is anything but\u00a0clear.\u00a0Unless you wanted to implement Sendmail milters in Postfix, your best bet when trying\u00a0to stem the flood of spam is using Postfix’ built-in functionality: smtpd\u00a0restrictions, header and body checks, and external rbl\/rhsbl databases. These tools are more than adequate for most use case scenarios. Your other option is using the likes of Spam Assassin.<\/p>\n

To a degree, you could also\u00a0rely on the built-in access restrictions in the mail client\u00a0of your users’ choice. To that end, you can extract email addresses of known spammers from your mail clients’ log files or from discarded junk mail, then use them to build rules for handling incoming messages.<\/p>\n

Here is how to do it in Postfix.<\/p>\n

A multi-step approach to spam filtering<\/h2>\n

Postfix allows you to implement multi-layered spam filtering: during the connection negotiation with SMTP clients using smtpd\u00a0restrictions, then when accepting incoming mail by scanning the\u00a0headers and the body of each message for clues. Postfix provides the following functionlity right off the bat:<\/p>\n